DETAILED ACTION

Continued Examination Under 37 CFR 1.114 

A request for continued examination under 37 CFR 1.114, including the fee set
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this
application is eligible for continued examination under 37 CFR 1.114, and the fee set
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 10/3/09
has been entered.

Claims 2 and 4-6 have been canceled. Claim 1 has been amended. Claims 1 
and 3 remain. 

Response to Amendment 



Claim Objections 

Claim 1 is objected to because of the following informalities: "the service system
table" lacks antecedent basis. It is assumed to refer to "the extended system service
table" but clarification is required.

Response to Arguments

Applicant's arguments filed 10/3/09 have been fully considered but they are not 
persuasive. The following interpretation of the prior art is solely based on the current 
set of claims and arguments submitted by the Applicant. It is not the only possible 
interpretation of the prior art and may be altered when/if the claims and/or arguments 
change. 

In response to Applicant's first argument <1>, an allegation of the difference 
between Bowlin and claim 1 is made. However, the disputed feature, handling of the 
write operation for an authorized application in a disk drive was relied upon by Mayer 
(0094). As understood from claim 1, an authorized application has read/write privileges 
in the VSD drive and read only privileges in the disk drive. The unauthorized application 
has no privileges in the VSD and a read/write privileges in the disk drive. The only 
difference between this scenario and that of Bowlin is authorized programs do not have 
write access in the disk drive. This feature is taught by Mayer and is obvious to 
combine with Bowlin for the reasons mentioned in the last office action. 

In response to applicant's argument <2> that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., the OS provides a function to the extended system service table, rather than a 
conventional system service table and only an authorized application includes functions 
of changing and restoring a function so that the authorized application can point at the 
corresponding function in the extended system service table) are not recited in the 
rejected claim(s). Although the claims are interpreted in light of the specification,
limitations from the specification are not read into the claims. See In re Van Geuns, 988 
F.2d 1181, 26 USPQ2d 1057 (Fed. Cir. 1993). 

Claim 1 does not couple or define the relationship of the access control module,
extended system service table, nor the extended system table to the OS. There are no
specific claimed limitations which require more than taught by Bowlin. Bowlin teaches a 
filter which may or may not be part of the OS (0034). Its functionality is to handle file 
access requests from applications (0035) and determine if and what type of access to 
the file will be granted to the application. If access is denied the file access function is 
stopped. While the names of extended system service table and extended system table 
are used in the claim, their functions are taught by the filter and OS of Bowlin. With 
respect to the service table, it is well known that computers use instruction codes which 
are descriptors of a corresponding function. The extended system table is merely 
responsible for preventing operation of a function, which is done by the filter of Bowlin. 



Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as
set forth in section 102 of this title, if the differences between the subject matter sought to be
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 

Claims 1 and 3 are rejected under 35 U.S.C. 103(a) as being unpatentable over
USP Application Publication 2002/0099944 to Bowlin in view of USP Application 
Publication 2003/0159070 to Mayer et al., hereinafter Mayer. 

As per claim 1, Bowlin teaches an access control system, comprising: 
a Virtual Secure Disk (VSD) image file module [virtual directory] occupying a certain 
space of a hard disk in a file form (0039); 

a VSD drive [safe zone] for processing security-sensitive files within the VSD 
image file module (0039); 

a VSD file system module for allowing an operating system to recognize the VSD 
drive as a separate disk volume at a time of access (0039) to the security-sensitive files 
within the VSD image file module (0040); and 

an access control module [filter] for determining access by determining whether 
an access location is a disk drive or the VSD drive (0035) and the application module 
has been authorized to access a file, which is stored on the hard disk [not in safe zone], 
to perform tasks in the application module (0040) 

wherein an authorized application module is configured to access the VSD drive 
for write and read operations [0043 and 0045; application are given permissions to files 
in the safe zone], 

wherein an unauthorized application module is configured to access the disk 
drive for write and read operations [files not in the safe zone are accessible to 
unauthorized application; 0026], and 



Application/Control Number: 10/598,218

Art Unit: 2431 

wherein the unauthorized application module is not allowed to access the VSD 
drive (0045 and 0026). 

wherein the access control module comprises: 

an extended system service table [database] for allowing the operation of a 
corresponding function to be performed when it is pointed at by a descriptor [0035; 
requesting of an access to a file]; 

and an extended system table for changing a function, which is requested of the 
service system table by the application module, to prevent operation of the function, 
determining whether a space in which a corresponding task is performed is the disk 
drive or the VSD drive, determining whether access to the corresponding file by the 
application module has been authorized, and providing the unchanged function to the 
extended system service table or stopping the operation of the function according to 
results of the determination [0047]. Bowlin teaches that access attempts within the safe 
zone by authorized application are denied. Therefore the function is stopped. If it is 
determined that the function is made by an authorized application to a file in the safe 
zone it is permitted. Access is based on type of application and where the file resides. 

Bowlin is silent in teaching an encryption and decryption module for encrypting
and decrypting data input/output between the VSD image file module and the VSD drive
and that the authorized application module is configured to access the disk drive for a read
operation only. Mayer teaches that protected files can be encrypted for certain
applications so that only that application may access them (0102, last sentence on page
10). This would take Bowlin's system one step further for securing files to specific
applications. Bowlin teaches that files in the safe zone (virtual drive) can be given
access to specific applications. If then the files were encrypted, this would increase the 
security of the system. Bowlin teaches encrypting the database which divulges the 
permissions of the file so encrypting the files is a logical step. Therefore it would have 
been obvious to one of ordinary skill in the art at the time of the invention to encrypt the 
files in the safe zone (virtual drive) because it would further protect those sensitive files. 
Mayer also teaches segregating applications into their own environment. Specifically,
Mayer teaches that applications should have full access to their own environment but
read only access to other shared environments [0094; first sentence]. This is obvious if
one considers what would happen if an authorized application is compromised.
Preventing a compromised application from copying sensitive information into a public
domain would be catastrophic for an organization. Whether by malicious intent or
by accident, preventing leaking of sensitive data is critical. Modifying the system of
Bowlin with this functionality secures the authorized application from writing the file in 
the safe zone to an area outside the safe zone. Therefore it would have been obvious 
to one of ordinary skill in the art at the time of the invention to incorporate this teaching 
into the system of Bowlin for the reasons just mentioned. 

As per claim 3, Bowlin teaches wherein the VSD image file module virtually 
occupies the hard disk so as to allow the operating system to recognize the data as 
being assigned to a certain space of the hard disk without performing physical 
assignment for storing the data on the hard disk, so that the authorized application
module can physically assign the data to the space [virtual directory; 0039]. 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on 571-272-7589. The fax 
phone number for the organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Examiner, Art Unit 2431
/William R. Korzuch/ 

Supervisory Patent Examiner, Art Unit 2431 



